158 Chapter 7 ■ Gaining Access to a System
is to inject the captured information—such as a password—back onto the network and
direct it toward a resource such as a server, with the goal of gaining access. Once replayed,
the valid credentials provide access to a system, potentially giving an attacker the ability to
change information or obtain confidential data.
Active Online Attacks
The next attack type is the active online attack. These attacks use a more aggressive form
of penetration that is designed to recover passwords.
Password Guessing
Password guessing is a very crude but effective type of attack. An attacker seeks to recover
a password by using words from the dictionary or by brute force. This process is usually
carried out using a software application designed to attempt hundreds or thousands of
words each second. The application tries all variations, including case changes, substitutions, digit replacement, and reverse case.
To refine this approach, an attacker may look for information about a victim, with the
intention of discovering favorite pastimes or family names.
Password complexity goes a long way toward thwarting many of these
types of attacks, because it makes the process of discovering a password
slower and much more difficult.
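The variations listed above (case changes, character substitutions, digit replacement, reversal) are exactly the transformations a policy check can undo before comparing a candidate password against a word list. The following is an added example written for this chapter, not code from the book: it canonicalizes a candidate by reversing those transformations and rejects anything that collapses back to a dictionary word. The word list, the substitution table, and the sample passwords are constructed for illustration.

```python
"""Added example (not from the study guide): a password-policy check that
rejects candidates a guessing tool would reach by the simple variations the
text lists (case changes, substitutions, digit replacement, reversal).
The word list and test values are constructed."""
import re

# Constructed mini-dictionary; a real deployment loads a large word list.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein"}

# Reverse map of common "leet" substitutions a guessing rule set applies.
UNSUBSTITUTE = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                              "7": "t", "@": "a", "$": "s", "!": "i"})


def candidate_roots(password: str) -> set[str]:
    """Return the base words a guessing tool could have derived `password` from."""
    roots = set()
    for form in (password, password[::-1]):          # as typed, and reversed
        lowered = form.lower()                       # undo case changes
        stripped = re.sub(r"\d+$", "", lowered)      # undo appended digits/years
        stripped = re.sub(r"^\d+", "", stripped)     # ...or prepended digits
        for variant in (lowered, stripped):
            roots.add(variant)
            roots.add(variant.translate(UNSUBSTITUTE))  # undo 0->o, 3->e, @->a ...
    return {r for r in roots if r}


def is_dictionary_derivable(password: str, dictionary=DICTIONARY) -> bool:
    """True if any canonical form of the password is a plain dictionary word."""
    return any(root in dictionary for root in candidate_roots(password))


def check_policy(password: str, min_length: int = 12) -> list[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_dictionary_derivable(password):
        problems.append("derivable from a dictionary word by simple substitution")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Summer2024", "drowssaP", "correct-horse-battery-staple"):
        print(pw, "->", check_policy(pw) or "ok")
```

The point the check makes concrete is that "complexity" obtained by leet-style substitution or a trailing year does not slow a guessing tool that applies those same rules; length and genuinely unrelated words do.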
Trojans, Spyware, and Keyloggers
Malware is discussed in depth elsewhere in this book, but here we should mention its
potential role during an attack. Malware such as Trojans, spyware, and keyloggers can
prove very useful during an attack by allowing the attacker to gather information of all
types, including passwords.
One form is keyboard sniffing or keylogging, which intercepts a password as the user
enters it. This attack can be carried out when users are the victims of keylogging software
or if they regularly log on to systems remotely without using protection.
Hash Injection
This type of attack relies on the knowledge of hashing that you acquired during our investigation of cryptography, plus a few tricks. The attack relies on you completing the following
four steps:
- Compromise a vulnerable workstation or desktop.
- When connected, attempt to extract the hashes from the system for high-value users, such as domain or enterprise admins.
- Use the extracted hash to log on to a server such as a domain controller.
- If the system serves as a domain controller or similar, attempt to extract hashes from
the system with the intention of exploiting other accounts.
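From the defender's side, steps three and four of this sequence leave a trace: a high-value account's hash being replayed over NTLM from an ordinary workstation to one or more servers in quick succession. The following added example (not code from the book) runs a simple detection over constructed logon records. The records are simplified from the fields of Windows Security event 4624; the account names, host names, and the indicator set used (logon type 3, NTLM package, key length 0, source outside the approved admin hosts) are a commonly used heuristic and are assumptions of this example rather than something the text states.

```python
"""Added example (not from the study guide): flag a high-value account whose
hash is replayed over NTLM from a non-admin workstation to several servers.
Event records are constructed and simplified from Windows event 4624 fields;
the indicator set is a common heuristic, assumed here."""
from collections import defaultdict
from datetime import datetime, timedelta

HIGH_VALUE = {"CORP\\da-admin", "CORP\\ent-admin"}   # constructed admin accounts
ADMIN_HOSTS = {"JUMP01"}                               # constructed approved sources

# Constructed events:
# (time, event_id, logon_type, auth_package, key_length, account, source_host, target_host)
EVENTS = [
    ("2024-05-01T09:00:05", 4624, 3, "NTLM", 0,     "CORP\\da-admin", "WKS-042", "FS01"),
    ("2024-05-01T09:00:09", 4624, 3, "NTLM", 0,     "CORP\\da-admin", "WKS-042", "SQL02"),
    ("2024-05-01T09:00:14", 4624, 3, "NTLM", 0,     "CORP\\da-admin", "WKS-042", "DC01"),
    ("2024-05-01T09:03:00", 4624, 3, "Kerberos", 0, "CORP\\da-admin", "JUMP01",  "DC01"),
    ("2024-05-01T09:05:00", 4624, 3, "NTLM", 128,   "CORP\\jsmith",   "WKS-017", "FS01"),
]


def is_suspicious_ntlm_logon(ev) -> bool:
    """Heuristic (assumed): network NTLM logon with key length 0 for a
    high-value account originating from a host that is not an admin jump host."""
    _, event_id, logon_type, package, key_length, account, source, _ = ev
    return (event_id == 4624 and logon_type == 3 and package == "NTLM"
            and key_length == 0 and account in HIGH_VALUE
            and source not in ADMIN_HOSTS)


def detect_hash_replay(events, window=timedelta(minutes=5), min_targets=2):
    """Group suspicious logons by (account, source host) and report pairs that
    reach at least `min_targets` distinct servers inside `window`."""
    by_pair = defaultdict(list)
    for ev in events:
        if is_suspicious_ntlm_logon(ev):
            by_pair[(ev[5], ev[6])].append((datetime.fromisoformat(ev[0]), ev[7]))

    alerts = []
    for (account, source), hits in by_pair.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            targets = {host for t, host in hits[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                alerts.append({"account": account, "source": source,
                               "targets": sorted(targets),
                               "first_seen": t0.isoformat()})
                break  # one alert per (account, source) pair is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_hash_replay(EVENTS):
        print(alert)
```

In the constructed data the Kerberos logon from the jump host and the ordinary user's NTLM logon are both ignored, while the domain admin account reaching three servers from a workstation within seconds produces a single alert. Tuning the window, the target threshold, and the approved-source list to the environment is what keeps this from paging on legitimate administration.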